General

  • Target

    123ea084efadcb985bbcebfe0613c0785db3012d16b9765a8a6c3bcebfa3cc2e

  • Size

    1.1MB

  • Sample

    240711-12p3xswepm

  • MD5

    683b6ac246fb6811d31c932ff464aac2

  • SHA1

    99817595612d589a9d3061ea0cf7b95a93975514

  • SHA256

    123ea084efadcb985bbcebfe0613c0785db3012d16b9765a8a6c3bcebfa3cc2e

  • SHA512

    2f1ada85795b5394b19045730810da20bf3c70bba20d6e6a216e705480ef8ef4e666ad34684f61a7baa430c4c8ae3f4dd1cf10ef6930aec99aba7d6a7c66fe59

  • SSDEEP

    24576:tX4RHZCwHID6sMoVXZ5bFkNL/6fF2XQpI:YCPmo1ZvkR6F2XEI

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://potterryisiw.shop/api

https://foodypannyjsud.shop/api

https://contintnetksows.shop/api

https://reinforcedirectorywd.shop/api

Targets

    • Lumma Stealer

      An infostealer, written in C++, first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks